The branch, master has been updated via 8a48422fa568620d612901dcd064275122b794e0 (commit) from c69719a3dd52d73fc18d48805b8fa3451d2b9212 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a48422fa568620d612901dcd064275122b794e0 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Sep 3 10:22:54 2013 +0200 Support encryption passphrases on SSH private key files. ----------------------------------------------------------------------- Summary of changes: debian/changelog | 1 + x2go/backends/control/_stdout.py | 55 +++++++++++++++++++++++++++++++------- 2 files changed, 46 insertions(+), 10 deletions(-) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 0d84279..6dfa5f8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ python-x2go (0.4.0.9-0~x2go1) UNRELEASED; urgency=low - Store the session password in base64 encoded string in order to make it harder spotting the long term stored (for the duration of the session) plain text password. + - Support encryption passphrases on SSH private key files. -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Wed, 07 Aug 2013 12:18:46 +0200 diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py index 7b73759..648b72e 100644 --- a/x2go/backends/control/_stdout.py +++ b/x2go/backends/control/_stdout.py @@ -857,14 +857,41 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient): elif (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey: self.logger('trying SSH pub/priv key authentication with server', loglevel=log.loglevel_DEBUG) paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=pkey, - key_filename=key_filename, timeout=timeout, allow_agent=allow_agent, + key_filename=key_filename, timeout=timeout, allow_agent=False, look_for_keys=look_for_keys) else: self.logger('trying SSH key discovery or agent authentication with server', loglevel=log.loglevel_DEBUG) + paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None, + key_filename=None, timeout=timeout, allow_agent=allow_agent, + look_for_keys=look_for_keys) + + # since Paramiko 1.7.7.1 there is compression available, let's use it if present... + t = self.get_transport() + if x2go._paramiko.PARAMIKO_FEATURE['use-compression']: + t.use_compression(compress=True) + # enable keep alive callbacks + t.set_keepalive(5) + + except paramiko.PasswordRequiredException, e: + self.close() + if password: + self.logger('unlock SSH private key file with provided password', loglevel=log.loglevel_INFO) + try: - paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None, - key_filename=None, timeout=timeout, allow_agent=allow_agent, - look_for_keys=look_for_keys) + if (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey: + self.logger('re-trying SSH pub/priv key authentication with server', loglevel=log.loglevel_DEBUG) + paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=pkey, password=password, + key_filename=key_filename, timeout=timeout, allow_agent=False, + look_for_keys=look_for_keys) + else: + self.logger('re-trying SSH key discovery or agent authentication with server', loglevel=log.loglevel_DEBUG) + paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None, password=password, + key_filename=None, timeout=timeout, allow_agent=allow_agent, + look_for_keys=look_for_keys) + except paramiko.AuthenticationException: + # the provided password cannot be used to unlock any private SSH key file (i.e. wrong password) + raise paramiko.PasswordRequiredException(str(e)) + except paramiko.SSHException, e: if str(e) == 'No authentication methods available': raise paramiko.AuthenticationException('Interactive password authentication required!') @@ -874,12 +901,11 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient): self.sshproxy_session.stop_thread() raise(e) - # since Paramiko 1.7.7.1 there is compression available, let's use it if present... - t = self.get_transport() - if x2go._paramiko.PARAMIKO_FEATURE['use-compression']: - t.use_compression(compress=True) - # enable keep alive callbacks - t.set_keepalive(5) + else: + self.close() + if self.sshproxy_session: + self.sshproxy_session.stop_thread() + raise(e) except paramiko.AuthenticationException, e: self.close() @@ -899,6 +925,15 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient): self.sshproxy_session.stop_thread() raise(e) + except paramiko.SSHException, e: + if str(e) == 'No authentication methods available': + raise paramiko.AuthenticationException('Interactive password authentication required!') + else: + self.close() + if self.sshproxy_session: + self.sshproxy_session.stop_thread() + raise(e) + except: self.close() if self.sshproxy_session: hooks/post-receive -- python-x2go.git (Python X2Go Client API) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "python-x2go.git" (Python X2Go Client API).